Internet Measurement Conference

Forced Perspectives: Evaluating an SSL Trust Enhancement at Scale

Abstract

The certificate authority (CA) PKI system has been used for decades as a means of providing domain identity verification services throughout the Internet, but a growing body of evidence suggests that our trust in this system is misplaced. A recently proposed CA alternative, Convergence, extends the Network Perspectives system of multi-path probing to perform certificate verification. Unfortunately, adoption of Convergence and other SSL/TLS trust enhancements has been slow, in part because it is unknown how these systems perform against large workloads and realistic conditions. In this work we ask the question "What if all certificates were validated with Convergence?" We perform a case study of deploying Convergence under realistic workloads with a university-wide trace of real-world HTTPS activity. By synthesizing Convergence requests, we effectively force perspectives-based verification on an entire university in simulation. We demonstrate that through local and server caching, a single Convergence deployment can meet the requirements of millions of SSL flows while imposing under 0.1% network overhead and requiring as little as 108 ms to validate a certificate, making Convergence a worthwhile candidate for further deployment and adoption.